Re: faking session data
- From: "Kimmo Laine" <eternal.erectionN0.5P@xxxxxxxxxx>
- Date: Tue, 30 Aug 2005 21:47:50 +0300
"Marcus" <JumpMan222@xxxxxxx> wrote
in message:fw1Re.598$sF6.421@xxxxxxxxxxxxxxxxxxxxxxxxxxxxx
> Hello all,
>
> I have written numerous functions that check all user entered data on my
> site via POST and GET. My question is this: once my data checks out as
> being valid, I sometimes store it in SESSION as I move between pages, and
> eventually use the values in SESSION to update my database. Do I need to
> re-check the values in SESSION to make sure they are still valid before
> updating the database? In other words, I know session data resides on the
> server, but how possible/likely is it that a malicious user could fake
> session data after or in lieu of my initial error checks? All pages are
> protected by SSL if that makes any difference. Thanks in advance.
>
I'd say your session data is quite secure. Although, you might consider
these precautions:
http://www.ericisgreat.com/tinfoilhats/
--
SETI @ Home - Donate your cpu's idle time to science.
Further reading at <http://setiweb.ssl.berkeley.edu/>
Kimmo Laine <eternal.erectionN0@xxxxxxxxxxxxx>